WhatsApp Sues NSO For ‘Advanced’ Surveillance Hack Claim

WhatsApp has filed a lawsuit against Israel-based NSO Group, and alleged it was behind the cyberattack earlier this year that infected devices with advanced surveillance tools.

In May 2019, WhatsApp urged all of its 1.5 billion users to update their software to fix a vulnerability that it said was being actively exploited to implant advanced surveillance tools on users’ devices.

The Facebook-owned company discovered the vulnerability earlier in May and released a fix. The Financial Times reported in May that the bug was used to implant spyware developed by NSO, citing an unnamed surveillance software maker as its source.

NSO allegations

NSO Group is in the business of developing surveillance tools that are intended for use by governments and law enforcement agencies.

Earlier this year it is alleged that when attackers rang up a target’s phone, the malicious code would automatically infect the device (even if the call was not answered), WhatsApp said in a technical document on the issue.

The attack involved a buffer overflow vulnerability in WhatsApp’s voice over internet protocol (VOIP) stack that allowed remote code execution via a series of specially crafted secure real-time control protocol (SRTCP) packets, WhatsApp said in May.

At the time, WhatsApp acknowledged that the vulnerability had been used to install spyware, without mentioning NSO by name.

“This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems,” WhatsApp said in a statement back in May.

WhatsApp lawsuit

But now six months later WhatsApp is prepared to issue legal proceedings against the Israeli firm. In a court filing, WhatsApp said NSO Group “developed their malware in order to access messages and other communications after they were decrypted on target devices”.

It alleged that NSO Group created various WhatsApp accounts and caused the malicious code to be transmitted over the WhatsApp servers in April and May.

“In May 2019 we stopped a highly sophisticated cyber attack that exploited our video calling system in order to send malware to the mobile devices of a number of WhatsApp users,” blogged the messaging firm. “The nature of the attack did not require targeted users to answer the calls they received.”

“We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by this attack to directly inform them about what happened,” wrote WhatsApp. “This attack was developed to access messages after they were decrypted on an infected device, abusing in-app vulnerabilities and the operating systems that power our mobile phones.”

“WhatsApp has also filed a complaint in US court that attributes the attack to a spyware company called NSO Group and its parent company Q Cyber Technologies,” blogged the firm.

“The complaint alleges they violated both US and California laws as well as the WhatsApp Terms of Service, which prohibits this type of abuse,” it said.

“This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users,” it added. “In our complaint we explain how NSO carried out this attack, including acknowledgement from an NSO employee that our steps to remediate the attack were effective. We are seeking a permanent injunction banning NSO from using our service.”

Rejected allegations

However NSO Group told the BBC that it would fight the allegations.

“In the strongest possible terms, we dispute today’s allegations and will vigorously fight them,” the company said in a statement to the BBC.

“The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime,” it added.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Bitcoin Value Reaches $63,000 Record High

The value of the Bitcoin cryptocurrency continues to fluctuate, but has now surpassed $63,000 in…

7 hours ago

Iran’s Natanz Cyberattack Blamed On Israel

Second Stuxnet? Iran's Natanz nuclear facility suffered another cyberattack at the weekend, with the finger…

9 hours ago

Google Founders Larry Page, Sergey Brin Personal Fortune Grows

Share surge in Alphabet over the past year allows founders Larry Page and Sergey Brin…

11 hours ago

Apple Teases New Devices With ‘Spring Loaded’ Event

New devices to be revealed next week may include new iPads, AirTags, or even augmented…

13 hours ago

Chip Shortage – Renault To Extend Idle Factories Until September

Three of Renault's four car factories in Spain will be partly idled until end of…

15 hours ago

NHS Website Crashes Briefly Amid Rush For Vaccine Bookings

After the government authorises Covid-19 vaccines for over 45s, NHS booking website crashes briefly under…

15 hours ago